authorSyndamia <kamen@syndamia.com>2025-01-26 22:00:21 +0200
committerSyndamia <kamen@syndamia.com>2025-01-26 22:21:31 +0200
commitedf446fae669f3370609f5a955c3d6c863a93524 (patch)
treec46984167cc5b79c51b243602f7a4837d428fd82
parent73ad3e330be1a6849269fec5d4b7b42b0330cede (diff)
feat: Replace sessionStorage with (custom) cookieStorage
-rw-r--r--controllers/archive.php6
-rw-r--r--controllers/list.php3
-rw-r--r--controllers/login.php4
-rw-r--r--controllers/meta.php20
-rw-r--r--views/archive/index.php10
-rw-r--r--views/authenticate.js23
-rw-r--r--views/global/router.php2
-rw-r--r--views/login/index.php2
-rw-r--r--views/logout/index.php8
-rw-r--r--views/newlist/index.php7
-rw-r--r--views/profile/authenticate.php3
11 files changed, 53 insertions, 35 deletions
diff --git a/controllers/archive.php b/controllers/archive.php
index dbce6c3..0941d12 100644
--- a/controllers/archive.php
+++ b/controllers/archive.php
@@ -5,13 +5,15 @@ use DOMDocument;
use Exception;
function on_post() {
+ global $TOKEN;
+
$WEBSITE_CATEGORY = 'page_url';
$DOWNLOADS_FOLDER = getenv('ARCHIVES_DIR');
$website_url = $_POST[$WEBSITE_CATEGORY];
$uid = 1;
- if (array_key_exists('token', $_POST) && strlen($_POST['token']) === 36) {
+ if ($TOKEN !== "") {
try {
- $uid = Database\Cookie::fromDB($_POST['token'])->UID;
+ $uid = Database\Cookie::fromDB($TOKEN)->UID;
}
catch (Exception $e) {}
}
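Review bot: Reading the session from the cookie-backed `$TOKEN` in `on_post` means the browser now attaches the credential automatically, and the archive form in views/archive/index.php carries no anti-CSRF value. The cookie written by `cookieStorage.setItem` in views/authenticate.js sets no `SameSite` attribute, so in browsers that do not default to Lax a cross-site form POST would be attributed to the logged-in user. The same applies to `on_post` in controllers/list.php and to the `method=DELETE` override added in controllers/meta.php. Consider a per-session hidden form field checked with `hash_equals()` before `Database\Cookie::fromDB($TOKEN)` is trusted, or at minimum `SameSite=Strict` on the cookie. The body of `on_post` continues past the end of this hunk.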
diff --git a/controllers/list.php b/controllers/list.php
index 0ec33d1..2dea9ec 100644
--- a/controllers/list.php
+++ b/controllers/list.php
@@ -4,11 +4,12 @@ use Database;
use Exception;
function on_post() {
+ global $TOKEN;
global $list_status;
$list_status = "";
try {
- $uid = Database\Cookie::fromDB($_POST['token'])->UID;
+ $uid = Database\Cookie::fromDB($TOKEN)->UID;
Database\ArchiveList::create($uid, $_POST["name"], $_POST["description"]);
}
catch(Exception $e) {
diff --git a/controllers/login.php b/controllers/login.php
index 8b640ce..179afe6 100644
--- a/controllers/login.php
+++ b/controllers/login.php
@@ -23,9 +23,9 @@ function on_post() {
}
function on_delete() {
+ global $TOKEN;
try {
- $headers = apache_request_headers();
- Database\Cookie::delete($headers["Authorization"]);
+ Database\Cookie::delete($TOKEN);
}
catch(Exception $e) {}
}
diff --git a/controllers/meta.php b/controllers/meta.php
index e20bbfc..91a8ade 100644
--- a/controllers/meta.php
+++ b/controllers/meta.php
@@ -6,8 +6,18 @@ function call_handler(string $name) {
}
}
-switch ($_SERVER['REQUEST_METHOD']) {
- case 'POST': call_handler('Controller\on_post'); break;
- case 'PUT': call_handler('Controller\on_put'); break;
- case 'DELETE': call_handler('Controller\on_delete'); break;
-};
+$TOKEN = (array_key_exists('token', $_COOKIE)) ? ($_COOKIE['token'] ?? "") : ("");
+
+function request_handler() {
+ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
+ if (array_key_exists('method', $_POST)) {
+ switch ($_POST['method']) {
+ case 'PUT': call_handler('Controller\on_put'); return;
+ case 'DELETE': call_handler('Controller\on_delete'); return;
+ case 'PATCH': call_handler('Controller\on_patch'); return;
+ }
+ }
+ call_handler('Controller\on_post');
+ }
+}
+request_handler();
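Review bot: Native `PUT` and `DELETE` requests are no longer dispatched, because `request_handler()` only acts when `$_SERVER['REQUEST_METHOD'] === 'POST'`, yet views/logout/index.php in this same commit still issues `request.open("DELETE", "#", true)`. Unless that request is routed somewhere not visible here, `Controller\on_delete` never runs on logout and the token row stays valid server-side after the browser cookie is cleared. Either keep a native branch at the top of the function, e.g. `if ($_SERVER['REQUEST_METHOD'] === 'DELETE') { call_handler('Controller\on_delete'); return; }`, or change the logout view to send a POST with `method=DELETE`.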
diff --git a/views/archive/index.php b/views/archive/index.php
index ac6ada6..7de2dff 100644
--- a/views/archive/index.php
+++ b/views/archive/index.php
@@ -18,13 +18,8 @@
<form action="#" method="POST">
<input type="hidden" name="page_url" value="<?= $url ?>">
- <input id="token" type="hidden" name="token" value="">
<input type="submit" value="Archive Now!">
</form>
- <script type="text/javascript">
- const tokenInput = document.getElementById('token');
- tokenInput.value = sessionStorage.getItem('token');
- </script>
<!-- Button to add to list -->
<!-- Button to delete -->
@@ -61,12 +56,7 @@
<h2>"<?= $url ?>" hasn't been archived yet!</h2>
<form action="#" method="POST">
<input type="hidden" name="page_url" value="<?= $url ?>">
- <input id="token" type="hidden" name="token" value="">
<input type="submit" value="Archive Now!">
</form>
- <script type="text/javascript">
- const tokenInput = document.getElementById('token');
- tokenInput.value = sessionStorage.getItem('token');
- </script>
<?php endif; ?>
diff --git a/views/authenticate.js b/views/authenticate.js
index 8b158ce..398794a 100644
--- a/views/authenticate.js
+++ b/views/authenticate.js
@@ -1,3 +1,25 @@
+var cookieStorage = {
+ getItem: function(index) {
+ let cookies = document.cookie.split(';');
+ for (cookie of cookies) {
+ let values = cookie.trim().split('=');
+ if (values[0] === index) {
+ return values[1];
+ }
+ }
+ return undefined;
+ },
+ setItem: function(index, value, expires = 'Fri, 31 Dec 9999 23:59:59 GMT') {
+ let cookie = index + '=' + value + ';';
+ cookie += 'expires=' + expires + ';';
+ cookie += 'path=/';
+ document.cookie = cookie;
+ },
+ removeItem: function(index) {
+ cookieStorage.setItem(index, "", 'Thu, 01 Jan 1970 00:00:00 GMT');
+ },
+};
+
var authentication_response = null;
var authentication_callbacks = [];
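Review bot: `setItem` writes the session token with no `Secure` or `SameSite` attribute and a default expiry in the year 9999, so the token is sent on plain-HTTP requests to the host and stays in the browser indefinitely unless logout runs. Append the attributes where the cookie string is built, e.g. `cookie += 'path=/; SameSite=Strict; Secure';`, and pass a bounded `expires` that matches the server-side token lifetime (not visible in this diff). Separately, `for (cookie of cookies)` in `getItem` assigns an undeclared global and should be `for (const cookie of cookies)`, and `split('=')` silently drops everything after a second `=` in a cookie value.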
@@ -9,7 +31,6 @@ function requestAuthentication() {
authentication_response = (request.status == 200) ? request.responseText : "";
}
request.open("POST", "/authenticate", true);
- request.setRequestHeader("Authorization", sessionStorage.getItem("token"));
request.send(null);
}
requestAuthentication();
diff --git a/views/global/router.php b/views/global/router.php
index fa9348d..cd9b304 100644
--- a/views/global/router.php
+++ b/views/global/router.php
@@ -40,6 +40,8 @@ foreach (glob($MODELS_DIR . '/*.php') as $filename) {
require_once $filename;
}
+$TOKEN = (array_key_exists('token', $_COOKIE)) ? ($_COOKIE['token'] ?? "") : ("");
+
if (str_ends_with($view, '.php')) {
require_once $view;
}
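Review bot: `$_COOKIE['token']` is not guaranteed to be a string: a request cookie named `token[x]` makes PHP populate it as an array, and that value then flows into `Database\Cookie::fromDB($TOKEN)`. Depending on how `fromDB` is declared (not visible here) this may raise a `TypeError`, which the `catch (Exception $e)` blocks in the controllers do not catch. The `array_key_exists` test is also redundant with `??`. Suggest `$TOKEN = is_string($_COOKIE['token'] ?? null) ? $_COOKIE['token'] : '';`, and the identical line added in controllers/meta.php should change the same way or be defined in one place only.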
diff --git a/views/login/index.php b/views/login/index.php
index 94faafe..da0d8e2 100644
--- a/views/login/index.php
+++ b/views/login/index.php
@@ -10,7 +10,7 @@
</span></p>
<?php else: ?>
<script type="text/javascript">
- sessionStorage.setItem("token", "<?= $token ?>");
+ cookieStorage.setItem("token", "<?= $token ?>");
window.location.href = "/";
</script>
<?php endif; ?>
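Review bot: The session token is still handed to the page in an inline script and stored by JavaScript, so the cookie can never be `HttpOnly` and any script running on the origin can read it. Setting it from the login controller instead, e.g. `setcookie('token', $token, ['path' => '/', 'httponly' => true, 'secure' => true, 'samesite' => 'Strict']);`, would keep it out of script reach. The client-side `cookieStorage.getItem('token')` checks in the logout and newlist views would then need to rely on the `/authenticate` response. `"<?= $token ?>"` is also emitted unescaped into a JS string, which is safe only as long as the token format (generated outside this hunk) contains no quote or `<` characters.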
diff --git a/views/logout/index.php b/views/logout/index.php
index fc9af5a..87878ed 100644
--- a/views/logout/index.php
+++ b/views/logout/index.php
@@ -1,14 +1,11 @@
<h2>Logging you out...</h2>
<script type="text/javascript">
- if (!sessionStorage.getItem('token')) {
+ if (!cookieStorage.getItem('token')) {
window.location.href = '/';
}
function deleteToken(response) {
- let token = sessionStorage.getItem('token');
- sessionStorage.removeItem('token');
-
let request = new XMLHttpRequest();
request.onreadystatechange = function() {
if (request.readyState < 4) return;
@@ -16,8 +13,9 @@
window.location.href = '/';
}
request.open("DELETE", "#", true);
- request.setRequestHeader("Authorization", token);
request.send(null);
+
+ cookieStorage.removeItem('token');
}
authenticated(deleteToken);
</script>
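Review bot: `cookieStorage.removeItem('token')` runs immediately after the asynchronous `request.send(null)`, and the server now identifies the session to delete only from the cookie, so the browser may build the request after the cookie has already been cleared. Moving the removal into the `readyState` 4 branch of `onreadystatechange`, just before `window.location.href = '/';`, removes that ordering dependency. The handler body starts in the previous hunk of this file.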
diff --git a/views/newlist/index.php b/views/newlist/index.php
index 289c9da..72ac7a3 100644
--- a/views/newlist/index.php
+++ b/views/newlist/index.php
@@ -1,5 +1,5 @@
<script type="text/javascript">
- if (!sessionStorage.getItem('token')) {
+ if (!cookieStorage.getItem('token')) {
window.location.href = '/login';
}
</script>
@@ -19,10 +19,5 @@
<input type="text" name="name" placeholder="List title" minlength="1">
<textarea name="description" placeholder="Description"></textarea>
- <input id="token" type="hidden" name="token" value="">
<input type="submit" value="Login">
</form>
-<script type="text/javascript">
- const tokenInput = document.getElementById('token');
- tokenInput.value = sessionStorage.getItem('token');
-</script>
diff --git a/views/profile/authenticate.php b/views/profile/authenticate.php
index afe1ca7..e4cf47e 100644
--- a/views/profile/authenticate.php
+++ b/views/profile/authenticate.php
@@ -9,8 +9,7 @@ if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
}
try {
- $headers = apache_request_headers();
- $user = Database\Cookie::fromDB($headers["Authorization"]);
+ $user = Database\Cookie::fromDB($TOKEN);
http_response_code(200);
header('Content-Type: text/plain');